+----------------------------------------------------------------------+
|  LinuxSecurity.com                                Weekly Newsletter  |
|  July 18th, 2008                                Volume 9, Number 29  |
|                                                                      |
|  Editorial Team:  Dave Wreski <dwreski@xxxxxxxxxxxxxxxxx>            |
|                   Benjamin D. Thomas <bthomas@xxxxxxxxxxxxxxxxx>     |
+----------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, advisories were released for afuse, pdns-recursor, cacti,
gaim, lighttpd, iceweasel, bind, pcre, x11, poppler, openldap,
openoffice, pidgin, firefox, php, java, ruby, and seamonkey. The
distributors include Debian, Gentoo, Mandriva, Red Hat, Slackware, and
Ubuntu.

---

Security Features of Firefox 3.0
--------------------------------
  Let's take a look at the security features of the newly released
  Firefox 3.0. Since its release on Tuesday I have been testing it out
  to see how the new security enhancements work and help increase user
  browsing security. One of the exciting improvements for me was how
  Firefox handles SSL secured web sites while browsing the Internet.
  There are also many other security features that this article will
  look at. For example, improved plugin and addon security.

  Read on for more security features of Firefox 3.0.
  http://www.linuxsecurity.com/content/view/138972

---

Review: The Book of Wireless
----------------------------
  "The Book of Wireless" by John Ross is an answer to the problem of
  learning about wireless networking. With the widespread use of
  wireless networks today, anyone with a computer should at least know
  the basics of wireless. Also, with wireless networking, users need to
  know how to protect themselves from wireless networking attacks.

  http://www.linuxsecurity.com/content/view/136167

--> Take advantage of the LinuxSecurity.com Quick Reference Card! <--
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf <--

------------------------------------------------------------------------

* EnGarde Secure Community 3.0.19 Now Available! (Apr 15)
  -------------------------------------------------------
  Guardian Digital is happy to announce the release of EnGarde Secure
  Community 3.0.19 (Version 3.0, Release 19). This release includes
  many updated packages and bug fixes and some feature enhancements to
  the EnGarde Secure Linux Installer and the SELinux policy.

  http://www.linuxsecurity.com/content/view/136174

------------------------------------------------------------------------

* Debian: New afuse packages fix privilege escalation (Jul 16)
  ------------------------------------------------------------
  Anders Kaseorg discovered that afuse, an automounting file system in
  user-space, did not properly escape meta characters in paths. This
  allowed a local attacker with read access to the filesystem to
  execute commands as the owner of the filesystem.

  http://www.linuxsecurity.com/content/view/139936

* Debian: New pdns-recursor packages fix predictable randomness (Jul 16)
  ----------------------------------------------------------------------
  Thomas Biege discovered that the upstream fix for the weak random
  number generator released in DSA-1544-1 was incomplete: Source port
  randomization still did not use difficult-to-predict random numbers.
  This is corrected in this security update.

  http://www.linuxsecurity.com/content/view/139935

* Debian: New cacti packages fix regression (Jul 15)
  --------------------------------------------------
  Since the previous security update, the cacti package could no longer
  be rebuilt from the source package. This update corrects that
  problem. Note that this problem does not affect regular use of the
  provided binary packages (.deb).

  http://www.linuxsecurity.com/content/view/139921

* Debian: New gaim packages fix execution of arbitrary code (Jul 15)
  ------------------------------------------------------------------
  It was discovered that gaim, a multi-protocol instant messaging
  client, was vulnerable to several integer overflows in its MSN
  protocol handlers. These could allow a remote attacker to execute
  arbitrary code.

  http://www.linuxsecurity.com/content/view/139919

* Debian: New lighttpd packages fix multiple DOS issues (Jul 15)
  --------------------------------------------------------------
  Several local/remote vulnerabilities have been discovered in
  lighttpd, a fast webserver with minimal memory footprint.

  http://www.linuxsecurity.com/content/view/139918

* Debian: New iceweasel packages fix several vulnerabilities (Jul 11)
  -------------------------------------------------------------------
  Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes
  in the layout engine, which might allow the execution of arbitrary
  code.

  http://www.linuxsecurity.com/content/view/139768

------------------------------------------------------------------------

* Gentoo: Mercurial Directory traversal (Jul 15)
  ----------------------------------------------
  A directory traversal vulnerability in Mercurial allows for the
  renaming of arbitrary files.

  http://www.linuxsecurity.com/content/view/139922

* Gentoo: BIND Cache poisoning (Jul 11)
  -------------------------------------
  A weakness in the DNS protocol has been reported, which could lead to
  cache poisoning on recursive resolvers.
  http://www.linuxsecurity.com/content/view/139769

------------------------------------------------------------------------

* Mandriva: Updated pcre packages fix vulnerability (Jul 16)
  ----------------------------------------------------------
  Tavis Ormandy of the Google Security Team discovered a heap-based
  buffer overflow when compiling certain regular expression patterns.
  This could be used by a malicious attacker by sending a specially
  crafted regular expression to an application using the PCRE library,
  resulting in the possible execution of arbitrary code or a denial of
  service (CVE-2008-2371). The updated packages have been patched to
  correct this issue.

  http://www.linuxsecurity.com/content/view/139926

* Mandriva: Updated x11-server packages fix offscreen pixmaps drawing issue (Jul 16)
  ----------------------------------------------------------------------------------
  This x11-server update disables offscreen pixmaps by default as they
  were causing drawing issues with Firefox 3 and other applications. To
  re-enable this option, use 'Option XaaOffscreenPixmaps on' in
  xorg.conf.

  http://www.linuxsecurity.com/content/view/139925

* Mandriva: Updated poppler packages fix arbitrary code execution vulnerability (Jul 15)
  --------------------------------------------------------------------------------------
  A memory management issue was found in libpoppler by Felipe Andres
  Manzano that could allow for the execution of arbitrary code with the
  privileges of the user running a poppler-based application, if they
  opened a specially crafted PDF file (CVE-2008-2950). The updated
  packages have been patched to correct this issue.
  http://www.linuxsecurity.com/content/view/139923

* Mandriva: Updated bluez/bluez-utils packages fix SDP packet parsing vulnerability (Jul 15)
  ------------------------------------------------------------------------------------------
  An input validation flaw was found in the Bluetooth Session
  Description Protocol (SDP) packet parser used in the Bluez bluetooth
  utilities. A bluetooth device with an already-trusted relationship,
  or a local user registering a service record via a UNIX socket or
  D-Bus interface, could cause a crash and potentially execute
  arbitrary code with the privileges of the hcid daemon
  (CVE-2008-2374). The updated packages have been patched to correct
  this issue.

  http://www.linuxsecurity.com/content/view/139786

* Mandriva: Updated openldap packages fix slapd DoS vulnerability (Jul 12)
  ------------------------------------------------------------------------
  A denial of service vulnerability was discovered in the way the
  OpenLDAP slapd daemon processed certain network messages. An
  unauthenticated remote attacker could send a specially crafted
  request that would crash the slapd daemon (CVE-2008-2952). The
  updated packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/139773

* Mandriva: Updated OpenOffice.org packages fix vulnerability (Jul 11)
  --------------------------------------------------------------------
  Integer overflow in the rtl_allocateMemory function in
  sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4
  allows remote attackers to execute arbitrary code via a crafted file
  that triggers a heap-based buffer overflow. The updated packages have
  been patched to fix the issue.
  http://www.linuxsecurity.com/content/view/139772

* Mandriva: Updated pidgin packages fix MSN protocol handler vulnerability (Jul 10)
  ---------------------------------------------------------------------------------
  An integer overflow flaw was found in Pidgin's MSN protocol handler
  that could allow for the execution of arbitrary code if a user
  received a malicious MSN message (CVE-2008-2927). In addition, this
  update provides the ability to use ICQ networks again on Mandriva
  Linux 2008.0, as in MDVA-2008:103 (updated pidgin for 2008.1). The
  updated packages have been patched to correct this issue.

  http://www.linuxsecurity.com/content/view/139761

------------------------------------------------------------------------

* RedHat: Critical: firefox security update (Jul 16)
  --------------------------------------------------
  An updated firefox package that fixes various security issues is now
  available for Red Hat Enterprise Linux 4. This update has been rated
  as having critical security impact by the Red Hat Security Response
  Team.

  http://www.linuxsecurity.com/content/view/139933

* RedHat: Critical: seamonkey security update (Jul 16)
  ----------------------------------------------------
  Updated seamonkey packages that fix a security issue are now
  available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has
  been rated as having critical security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/139934

* RedHat: Critical: firefox security update (Jul 16)
  --------------------------------------------------
  Updated firefox packages that fix various security issues are now
  available for Red Hat Enterprise Linux 5. An integer overflow flaw
  was found in the way Firefox displayed certain web content. A
  malicious web site could cause Firefox to crash, or execute arbitrary
  code with the permissions of the user running Firefox.
  http://www.linuxsecurity.com/content/view/139932

* RedHat: Moderate: php security update (Jul 16)
  ----------------------------------------------
  Updated PHP packages that fix several security issues are now
  available for Red Hat Enterprise Linux 2.1. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/139929

* RedHat: Moderate: php security and bug fix update (Jul 16)
  ----------------------------------------------------------
  Updated php packages that fix several security issues and a bug are
  now available for Red Hat Enterprise Linux 4. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/139928

* RedHat: Moderate: php security update (Jul 16)
  ----------------------------------------------
  Updated PHP packages that fix several security issues are now
  available for Red Hat Enterprise Linux 3 and 5. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/139927

* RedHat: Critical: java-1.5.0-sun security update (Jul 14)
  ---------------------------------------------------------
  Updated java-1.5.0-sun packages that correct several security issues
  are now available for Red Hat Enterprise Linux 4 Extras and 5
  Supplementary. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/139784

* RedHat: Critical: java-1.4.2-ibm security update (Jul 14)
  ---------------------------------------------------------
  Updated java-1.4.2-ibm packages that fix several security issues are
  now available for Red Hat Enterprise Linux 3 and 4 Extras, and 5
  Supplementary. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.
  http://www.linuxsecurity.com/content/view/139779

* RedHat: Moderate: ruby security update (Jul 14)
  -----------------------------------------------
  Updated ruby packages that fix several security issues are now
  available for Red Hat Enterprise Linux 4 and 5. This update has been
  rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/139780

* RedHat: Moderate: ruby security update (Jul 14)
  -----------------------------------------------
  Updated ruby packages that fix several security issues are now
  available for Red Hat Enterprise Linux 2.1 and 3. This update has
  been rated as having moderate security impact by the Red Hat Security
  Response Team.

  http://www.linuxsecurity.com/content/view/139781

* RedHat: Moderate: bluez-libs and bluez-utils security (Jul 14)
  --------------------------------------------------------------
  Updated bluez-libs and bluez-utils packages that fix a security flaw
  are now available for Red Hat Enterprise Linux 4 and 5. This update
  has been rated as having moderate security impact by the Red Hat
  Security Response Team.

  http://www.linuxsecurity.com/content/view/139782

* RedHat: Critical: java-1.6.0-sun security update (Jul 14)
  ---------------------------------------------------------
  Updated java-1.6.0-sun packages that correct several security issues
  are now available for Red Hat Enterprise Linux 4 Extras and 5
  Supplementary. This update has been rated as having critical security
  impact by the Red Hat Security Response Team.

  http://www.linuxsecurity.com/content/view/139783

------------------------------------------------------------------------

* Slackware: mozilla-firefox (Jul 17)
  -------------------------------------
  New mozilla-firefox packages are available for Slackware 10.2, 11.0,
  12.0, and 12.1 to fix security issues.
  More details about the issues may be found on the Mozilla site:
  http://www.mozilla.org/security/known-vulnerabilities/firefox20.html

  http://www.linuxsecurity.com/content/view/139938

* Slackware: seamonkey (Jul 17)
  -------------------------------
  New seamonkey packages are available for Slackware 11.0, 12.0, 12.1,
  and -current to fix security issues. More details about the issues
  may be found here:
  http://www.mozilla.org/security/known-vulnerabilities/seamonkey11.html

  http://www.linuxsecurity.com/content/view/139939

* Slackware: seamonkey (Jul 10)
  -------------------------------
  New seamonkey packages are available for Slackware 11.0, 12.0, 12.1,
  and -current to fix security issues. More details about the issues
  may be found here:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey

  http://www.linuxsecurity.com/content/view/139756

* Slackware: mozilla-firefox (Jul 10)
  -------------------------------------
  New mozilla-firefox packages are available for Slackware 10.2, 11.0,
  12.0, and 12.1 to fix security issues. More details about the issues
  may be found on the Mozilla site:
  http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox

  http://www.linuxsecurity.com/content/view/139757

* Slackware: bind (Jul 10)
  --------------------------
  New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
  10.1, 10.2, 11.0, 12.0, 12.1, and -current to address a security
  problem.
  More details may be found at the following links:
  http://www.isc.org/sw/bind/bind-security.php
  http://www.kb.cert.org/vuls/id/800113
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447

  http://www.linuxsecurity.com/content/view/139758

------------------------------------------------------------------------

* SuSE: bind (SUSE-SA:2008:033) (Jul 11)
  --------------------------------------
  The new version of bind uses a random transaction-ID (TRXID) and a
  random UDP source-port for DNS queries to address DNS cache poisoning
  attacks possible because of the "birthday paradox" and an attack
  discovered by Dan Kaminsky. Unfortunately we do not have details
  about Kaminsky's attack and have to trust the statement that a random
  UDP source-port is sufficient to stop it.

  http://www.linuxsecurity.com/content/view/139763

------------------------------------------------------------------------

* Ubuntu: Firefox vulnerabilities (Jul 17)
  -----------------------------------------
  A flaw was discovered in the browser engine. A variable could be made
  to overflow causing the browser to crash. If a user were tricked into
  opening a malicious web page, an attacker could cause a denial of
  service or possibly execute arbitrary code with the privileges of the
  user invoking the program. (CVE-2008-2785)

  http://www.linuxsecurity.com/content/view/140005

* Ubuntu: PCRE vulnerability (Jul 14)
  ------------------------------------
  Tavis Ormandy discovered that the PCRE library did not correctly
  handle certain in-pattern options. An attacker could cause
  applications linked against pcre3 to crash, leading to a denial of
  service.

  http://www.linuxsecurity.com/content/view/139785

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------